These changes introduce a new OriginSnapshot type, which is an immutable
version of MutableOrigin (ie. an origin that includes an optional domain
modifier). This is now propagated as part of LoadData's origin, allowing
us to perform the same-origin-domain check for javascript: URLs as
needed.
Testing: Newly-passing tests.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Updates the implementation of HTMLIFrameElement::GetContentDocument to
match the latest specification text.
Testing: Since each script thread only contains documents that are
same-origin-domain, I don't think it's possible to construct a testcase
with an observable difference here.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This change moves the `UserContentManager` abstraction from the
`ServoBuilder` to `WebViewBuilder` so that embedders can inject content
for each `WebView` independently. It also adds basic support for runtime
mutations to the `UserContentManager` API. Only adding new scripts is
currently supported, but future changes will add support for both other
mutations such as removal of scripts and addition & removal of
stylesheets. Future changes could also optimize the way mutations are
propagated to `ScriptThread`s by sending just the "delta" rather than
the whole `UserContents` structure for each mutation.
The `UserContentManager` now becomes just a convenient handle for the
embedders to invoke the mutation API while the actual management of the
manager's content is handled by the Constellation. The mutations are
relayed to the constellation via messages. The change also separates the
serialized version containg the user contents into a new `UserContent`
structure so that the API cannot be misused.
Testing: New unit tests have been added for the different scenarios
involving UserContentManager.
---------
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
The specification has a dedicated method for destroying
documents. Parts of that method were scattered around
various parts of Servo machinery.
This patch consolidates these steps and follow the spec.
Additionally, it now correctly unloads iframes when
they are removed from a parent document.
As a result, the fetch-later WPT test now passes, as
it relies on the correct ordering of iframe unloading
to verify the fetch-later requests are sent.
Part of #31973
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Have more of the code follow the same path calling
`ScriptThread::spawn_pipeline`. Somewhat tricky was that the `origin` of
the new Pipeline was being determined in several different places, but
all in a consistent way for different types of page loads. This change
makes it is so that the origin is always determined in the same place.
This change is preparation for splitting out the creation of a new
`ScriptThread` and the spawning of its first pipeline.
Testing: This should not change observable behavior, so is covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The thing that this message does is to spawn a pipeline in a
`ScriptThread`. I believe that the `AttachLayout` name is a relic of a
different time. The corresponding procedure in the `Constellation` is
already called `Pipeline::spawn`.
Testing: This is just a rename, so existing tests should cover this
change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Prevent the running of the iframe load event steps for the initial
about:blank document. Part of
https://github.com/servo/servo/issues/31973
Testing:
/html/browsers/browsing-the-web/navigating-across-documents/initial-empty-document/iframe-nosrc.html
Fixes: It is expected that the intermittent issue of 34819 will go away,
but I will leave it open so we can close it when we realize it isn't
being mentioned by PR's anymore.
https://github.com/servo/servo/issues/34819
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
script: add `CanGc` as argument to
`VirtualMethods.post_connection_steps`
Testing: These changes do not require tests because they are a refactor.
Addresses part of https://github.com/servo/servo/issues/34573
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
Servo has a lot of comments like this:
```rust
// https://example-spec.com/#do-the-thing
fn do_the_thing() {}
```
and I keep turning these into doc comments whenever I'm working close to
one of them. Doing so allows me to hover over a function call in an IDE
and open its specification without having to jump to the function
definition first. This change fixes all of these comments at once.
This was done using `find components -name '*.rs' -exec perl -i -0777
-pe 's|^([ \t]*)// (https?://.*)\n\1(fn )|\1/// <$2>\n\1$3|mg' {} +`.
Note that these comments should be doc comments even within trait `impl`
blocks, because rustdoc will use them as fallback documentation when the
method definition on the trait does not have documentation.
Testing: Comments only, no testing required
Preparation for https://github.com/servo/servo/pull/39552
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The HTML specification defines the 'width' and 'height' attributes as
dimension attributes for the embedded content and images (img, iframe,
embed, object, video, source, input with image type)
https://html.spec.whatwg.org/multipage/#dimension-attributes and for the
tables (table, col, colgroup, thead, tbody, tfoot, tr, td, th) even
these attributes are marked as obsolete.
And UA are expected to use these 'width' and 'height' attributes as
style presentational hints for the rendering.
The embedded content and images:
https://html.spec.whatwg.org/multipage/#dimRendering
The tables:
https://html.spec.whatwg.org/multipage/#tables-2:the-table-element-4
Added missing 'width' and/or 'height' reflected IDL attributes:
- conformant 'unsigned long' IDL attributes for the 'img, source, video'
(with new macro 'make_dimension_uint*)
- obsolete 'DOMString' IDL attributes for the 'td, th, col, colgroup'
Moved the `fn attribute_affects_presentational_hints()` from Element to
specific HTML and SVG elements with attributes which affects
presentational hints for rendering.
Testing: Improvements in the following tests
- html/dom/idlharness.https.html
- html/dom/reflection-embedded.html
- html/dom/reflection-tabular.html
-
html/rendering/replaced-elements/attributes-for-embedded-content-and-images/picture-aspect-ratio.html
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Split the window_proxies in script thread into its own struct with
appropiate methods. ScriptThread allows to get an Rc to it.
HtmlIFrameElement, Window and WindowProxy now get the Rc on construction
from ScriptThread.
Testing: Just a refactor so should not change any behavior.
Fixes: Addresses part of https://github.com/servo/servo/issues/37969
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This is part of the future work of implementing LazyDOMString as
outlined in https://github.com/servo/servo/issues/39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
